The UK trade and financial sanctions regime is no longer an abstract concern or an issue only for banks or defence contractors. It now reaches deep into the facilities management (FM) sector - an industry reliant on complex, multi-layered supply chains.
"UK sanctions apply to all persons within the territory and territorial sea of the UK, and to all UK persons wherever they are in the world. This means that individuals and legal entities who are within or undertake activities within the UK’s territory must comply with UK sanctions."
Everything from simple cleaning products, building materials, maintenance parts, IT systems and energy management technologies all come from multiple tiers of suppliers, often spanning several jurisdictions. If any part of that chain links (even indirectly) to a sanctioned entity or individual, the entire organisation is exposed to legal, financial and reputational risk.
In this article, we take a look at the hidden sanctions risk affecting UK FM suppliers today.
The expanding reach of sanctions
Since 2022 the UK’s framework has widened significantly. New measures target Russia, Belarus, Iran, North Korea and individuals involved in corruption, cyberattacks and human-rights abuses.
Sanctions capture companies owned, held or controlled by designated persons. Control includes more than 50 per cent share ownership, voting rights, board appointment rights or even de-facto influence over decisions.
From June 2022, the Office of Financial Sanctions Implementation (OFSI) has had power to impose civil penalties on a strict-liability basis for breach of financial sanctions, with no need to prove knowledge or suspicion. Criminal prosecutions still require proof of knowledge or reasonable cause to suspect, or in some cases serious negligence. Separately, from October 2024, the newly formed Office of Trade Sanctions Implementation ("OTSI") obtained similar civil enforcement powers in respect of trade sanctions. Both have the power to publicise monetary penalties.
Lack of awareness may avoid prosecution, but not an OFSI / OTSI fine or reputational damage.
Why FM providers are vulnerable
FM supply chains are long, diverse and frequently global. A single maintenance contract can involve energy specialists, security contractors, technology vendors and waste-management firms. Each has its own sub-suppliers, often with opaque ownership.
The sector also touches sensitive areas such as energy, construction, defence, public infrastructure, where sanctions and export controls are most active.
Fast-moving procurement models increase risk - suppliers may change quickly to meet cost targets or client demands, with due-diligence steps skipped in the process.
For public-sector contracts, the consequences of a breach are amplified by potential exclusion from tenders, reputational harm and investigation.
Indirect exposure — the hidden problem
The greatest risk is indirect as it is out of sight and out of mind. A sanctioned entity may sit two or three tiers down the chain.
For example:
- a cleaning-chemical producer part-owned by a Russian investment vehicle;
- a CCTV system using software from a Chinese human-rights-sanctioned firm;
- an energy-monitoring platform based on Iranian-sourced technology.
Even without direct dealings, a transaction can breach sanctions if a designated person benefits from or controls it. The test is therefore one of substance over form, and OFSI expects companies to take “reasonable and proportionate” steps to know their counterparties. What is reasonable and proportionate will depend upon the particular supply chain, and may change over time.
To add the difficulty, in recent years, there has been a huge increase in deliberate circumvention of the UK sanctions regime by foreign states such as Russia.
“Russia is going to great lengths to circumvent sanctions and continues to procure Western military, dual-use and other critical goods through third countries, including battlefield technologies. Russia relies on deceptive tactics, such as indirect shipping routes, falsification of the end-uses of goods and professional evasion networks.”
Foreign, Commonwealth & Development Office Guidance, 27 June 2025
Export controls and dual-use goods
Many FM providers handle equipment classed as “dual-use”, being items with both civilian and military applications. Thermal cameras, drones, encryption software and certain chemicals appear on the UK Strategic Export Control Lists requiring export authorisation.
Remote maintenance or software updates supplied from the UK to an overseas system can constitute an “export” of controlled technology and require a licence. Breach carries criminal penalties.
US sanctions risk
UK FM providers must also be aware of the reach of US sanctions, which can apply even where no party is based in the United States. Transactions made in US dollars, processed through a US bank, or involving US-origin goods or software can fall within US jurisdiction.
In addition, the US operates secondary sanctions that allow it to penalise non-US companies which “materially support” sanctioned entities in countries such as Russia, Iran or China. The result is that a UK FM provider could be exposed through its payment routes, suppliers, or multinational clients.
Even when not legally bound by US law, commercial reality means banks, insurers and clients often expect compliance with OFAC rules alongside the UK regime. Consequences can include loss of access to US banks or clearing, prohibition on US firms trading with the company and denial of US export licences.
Financial and contractual impact
Banks now operate as de facto sanctions gatekeepers, delaying or blocking payments that raise risk alerts. Their compliance obligations require them to monitor transactions, block assets, and prevent sanctioned entities from accessing the financial system, making them the primary mechanism for preventing transactions that breach sanctions.
FM companies typically require broad compliance warranties in their contracts, with breaches allowing immediate termination and indemnity. The prime contractor usually bears the risk for the entire chain, even where a third-tier supplier is at fault.
Insurance policies may exclude cover where sanctions issues arise. Frozen invoices and payment delays can disrupt working capital for months and affect related projects and overall cash flow.
Public-sector scrutiny
The Procurement Act 2023 introduced exclusion and debarment grounds for sanctions breaches. The Cabinet Office's PPN 01/22 and later guidance already tell public bodies to cut ties with Russia and Belarus linked suppliers where lawful.
FM providers serving local authorities, housing associations or the NHS must be able to evidence active monitoring and due diligence.
The Take Home
Sanctions risk is now embedded in the FM sector’s daily operations. Exposure is often indirect, arising through ownership or control deep in the supply chain. Understanding how the rules apply, and where the risks sit, is the first step towards effective protection.
In Part 2 of this article, we'll look at how effective sanctions compliance can be achieved and turned to your commercial advantage.
If you would like tailored advice on sanctions compliance, supply-chain due diligence, drafting supply chain contracts that put your interests first, or dealing with potential sanctions breaches or investigations, contact our disputes and regulatory Partner Matthew Garbutt.
This article is part of our Legally FM article series, to read more from this series please click here.
/Passle/6491ca5e863f054b458578e8/MediaLibrary/Images/2025-10-02-09-13-46-273-68de424ac524d42f6126d413.png)
/Passle/6491ca5e863f054b458578e8/SearchServiceImages/2025-10-02-15-17-55-888-68de97a3bf7349bdd954f760.jpg)
/Passle/6491ca5e863f054b458578e8/SearchServiceImages/2025-09-24-13-50-18-696-68d3f71ac21ae68339249cc1.jpg)
/Passle/6491ca5e863f054b458578e8/MediaLibrary/Images/2025-10-10-09-31-53-615-68e8d289395c65df95ab4a24.png)